CVE-2021-3490

high

Description

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out-of-bounds reads and writes in the Linux kernel and, therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by commit 2921c90d4718 ("bpf: Fix a verifier failure with xor") (5.10-rc1).

References

https://ubuntu.com/security/notices/USN-4949-1

https://www.zerodayinitiative.com/advisories/ZDI-21-606/

https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e

https://ubuntu.com/security/notices/USN-4950-1

https://www.openwall.com/lists/oss-security/2021/05/11/11

https://security.netapp.com/advisory/ntap-20210716-0004/

http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html

Details

Source: MITRE

Published: 2021-06-04

Updated: 2021-09-14

Type: CWE-125

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

ID | Name | Product | Family | Severity
151756 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1977-1) | Nessus | SuSE Local Security Checks | critical
151730 | openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1975-1) | Nessus | SuSE Local Security Checks | critical
151206 | SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP3) (SUSE-SU-2021:2198-1) | Nessus | SuSE Local Security Checks | high
150927 | SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1975-1) | Nessus | SuSE Local Security Checks | critical
150901 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1977-1) | Nessus | SuSE Local Security Checks | critical
149437 | Photon OS 4.0: Linux PHSA-2021-4.0-0023 | Nessus | PhotonOS Local Security Checks | high
149411 | Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4949-1) | Nessus | Ubuntu Local Security Checks | high
149407 | Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4948-1) | Nessus | Ubuntu Local Security Checks | high
149406 | Ubuntu 21.04 : Linux kernel vulnerabilities (USN-4950-1) | Nessus | Ubuntu Local Security Checks | high